Content, Content

B2B, B2C SMBs Hit Hard by Ransomware Crews


Nearly half of small businesses (SMBs) have been victimized by ransomware hijackers and almost 75 percent of those have paid up, a recent survey of 500 C-suite executives found.

Despite the high numbers, more than 25 percent of the SMBs in the study said their organization lacked a plan to mitigate a ransomware attack and nearly 20 percent said their organization wasn’t prepared should an attack hit them. “It is shocking that during a time in which the world should be coming together in the fight against COVID-19, criminals are preying on unsuspecting people and organizations for personal, usually financial, gain,” said Russell Reeder, chief executive of Infrascale, a cloud-based provider of back-up and disaster recovery solutions.

Developing and executing a security plan to handle ransomware attacks is in the wheelhouse of managed security service providers (MSSPs). Many qualified third parties can provide implementation and setup of security systems, said Reeder. “That makes it easier than ever for businesses to protect themselves from ransomware and avoid rewarding criminals by paying out costly ransoms.”

Here are 10 survey results by SMB numbers:

  • 55% of business to business (B2Bs) have been hit by ransomware.
  • 36% of business-to-consumer (B2C) have been victims of ransomware attacks.
  • 83% believe they’re prepared for a ransomware attack. 10% more B2Bs (87%) believe they’re ready for an attack than B2Cs (77%).
  • 32% said their IT teams don’t have adequate resources to address the ransomware threat.
  • 78% of B2Bs have paid a ransom. 63% of B2Cs have also paid up.
  • 26% that have never paid a ransom would consider doing so. Of that group, 60% said they would pay a ransom to get their files back quickly.
  • 53% would pay a ransom to protect their company’s public image around data protection and recovery efforts.
  • 43% have paid between $10,000 to $50,000 to ransomware attackers. 13% paid more than $100,000.
  • 17% that paid a ransom did not recover all of their hijacked data.
  • 72% said their organization currently has a plan in place to mitigate a ransomware attack. B2Bs (80%) are better prepared than B2Cs (62%).

“The best protection, of course, is prevention. And education is the key to its success,” said Reeder. “If something looks nefarious, it usually is...If an organization is compromised, near-immediate remediation is top priority – and it shouldn't be in the form of paying a ransom. With appropriate backup and disaster recovery in place prior to a compromising event, an organization can quickly restore its data or spin up its operations to restore service,” he said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.